Lifetime access$249· 50/100Get yours

Security at Workel

Protecting your data is foundational to everything we build. Workel is designed with enterprise-grade security from the ground up, so your team can collaborate with confidence.

Infrastructure

  • Hosted on Microsoft Azure App Service with automatic scaling and high availability
  • All data encrypted at rest using AES-256 encryption
  • All data encrypted in transit using TLS 1.3
  • Azure Blob Storage for file storage with redundancy
  • Redis caching layer with authenticated connections
  • PostgreSQL database with automated backups

Authentication

  • Laravel Sanctum token-based API authentication
  • OAuth 2.0 Google Single Sign-On (SSO)
  • Bcrypt password hashing with configurable rounds
  • Rate-limited login attempts to prevent brute force attacks
  • Session management with configurable expiration
  • Secure token storage and rotation

Access Control

  • Role-based access control (RBAC) with Owner, Admin, and Member roles
  • Project-level isolation ensuring members only access assigned projects
  • Granular permissions for tasks, files, chat, calendar, and pages
  • Workspace-scoped data queries preventing cross-tenant data leakage
  • Policy-based authorization on all API endpoints
  • Broadcast channel authentication for real-time events

Data Protection

  • Daily automated database backups with point-in-time recovery
  • Azure Blob Storage with geo-redundant storage options
  • Soft-delete architecture preserving data integrity with 30-day recovery
  • Input validation and sanitization on all API endpoints
  • SQL injection prevention through parameterized queries (Eloquent ORM)
  • XSS protection with HTML escaping across frontend rendering

Compliance

  • GDPR-ready with data export, deletion, and consent management
  • CCPA compliance with right to know, delete, and opt-out support
  • SOC 2 Type II certification in progress
  • Regular security audits and vulnerability assessments
  • Secure development lifecycle with code review requirements
  • Dependency vulnerability scanning and automated updates

Responsible Disclosure

If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly. Please report any security issues to our security team directly.

security@workel.com